1. 30 Jan, 2013 1 commit
  2. 19 Jan, 2013 1 commit
  3. 21 Oct, 2012 1 commit
  4. 24 Sep, 2012 1 commit
  5. 20 Sep, 2012 1 commit
  6. 17 Sep, 2012 1 commit
    • Migrate all DB code to use PDO · e171f6f3
      canyonknight authored
      
      
      All DB code currently uses the quickly aging mysql_* functions. These
      functions are strongly discouraged and may eventually be deprecated.
      
      Transition all code to utilize the PDO data access abstraction layer. PDO
      allows for consistent query code across multiple databases. This could
      potentially allow for someone to use a database other than MySQL with
      minimal code changes.
      
      All functions and behaviors are reproduced as faithfully as possible with
      PDO equivalents and some changes in code.
      
      Signed-off-by: canyonknight <canyonknight@gmail.com>
      Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
  7. 17 Jul, 2012 1 commit
  8. 14 Jul, 2012 1 commit
  9. 06 Jul, 2012 4 commits
  10. 24 Jun, 2012 1 commit
    • Implement token system to fix CSRF vulnerabilities · 2c93f0a9
      canyonknight authored
      
      
      Specially crafted pages can force authenticated users to unknowingly perform
      actions on the AUR website despite being on an attacker's website. This
      cross-site request forgery (CSRF) vulnerability applies to all POST data on
      the AUR.
      
      Implement a token system using a double submit cookie. Have a hidden form
      value on every page containing POST forms. Use the newly added check_token() to
      verify the token sent via POST matches the "AURSID" cookie value. Random
      nature of the token limits potential for CSRF.
      
      Signed-off-by: canyonknight <canyonknight@gmail.com>
      Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
  11. 24 Mar, 2012 1 commit
  12. 21 Mar, 2012 1 commit
    • valid_email :: check if domain part is real · 0a1e1729
      BlackEagle authored
      
      
      this can be used as an intermediate 'patch' until there is a validation
      system in place.
      
      the extra check is to verify that the domain part of a correctly
      formatted email address is existing and in use. this will not at all
      stop spammers since they can use bogus emails with valid domain parts
      
      Lukas: Minor formatting changes.
      
      Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
  13. 02 Nov, 2011 1 commit
  14. 25 Oct, 2011 2 commits
  15. 24 Oct, 2011 3 commits
  16. 11 Aug, 2011 3 commits
  17. 10 Aug, 2011 1 commit
  18. 25 Jun, 2011 2 commits
  19. 22 Jun, 2011 3 commits
  20. 17 May, 2011 1 commit
  21. 27 Apr, 2011 2 commits
  22. 10 Apr, 2011 1 commit
  23. 03 Apr, 2011 1 commit
    • Remove Dummy Package concept · 7c91c592
      Dan McGee authored
      
      
      Instead, we just store dependencies directly in the PackageDepends
      table. Since we don't use this info anywhere besides the package details
      page, there is little value in precalculating what is in the AUR vs.
      what is not.
      
      An upgrade path is provided via several SQL statements in the UPGRADING
      document. There should be no user-visible change from this, but the DB
      schema gets a bit more sane and we no longer have loads of junk packages
      in our tables that are never shown to the end user. This should also
      help the MySQL query planner in several cases as we no longer have to be
      careful to exclude dummy packages on every query.
      
      Signed-off-by: Dan McGee <dan@archlinux.org>
      Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
  24. 04 Mar, 2011 2 commits
  25. 27 Feb, 2011 2 commits
  26. 21 Feb, 2011 1 commit